BOSTON--(EON: Enhanced Online News)--DFLabs, the leader in Security Automation and Orchestration Technology,
announced today the release of its new “Playbook Recommendation and
Intelligent Selection Mechanism” (DF-PRISM), enhancing DFLabs’ security
automation and orchestration (SAO) platform with incorporated
proprietary machine learning. The system uses patent pending advanced
methods and algorithms to ingest operational intelligence such as
security incident and resolution data to recommend playbooks and actions
based on historical incident response activities. This approach
minimizes the resources and time required to successfully analyze and
respond to ongoing incidents, while maximizing the effectiveness and
efficiency of security teams.

At its core, DFLabs’ SAO enables security organizations to take a
gradual “crawl, walk, run” path to developing efficient processes for
successfully responding to and managing threats as well as hardening
security controls. Beginning with “Human Guided Learning” and evolving
to “Human Supervised Learning,” users can create and apply simple,
linear or conditional playbooks that combine manual, semi-automated and
automated actions. Decision-making and conditional responses can be made
manually by humans, automatically by machine, or a hybrid of the two –
depending on the needs, requirements and maturity of the organization.

Mature organizations can leverage DF-PRISM’s advanced “Runbooks.” These
support complex and stateful logical decision making to enable an
advanced and adaptive threat management program. Runbooks can be used to
fully automate the triage, hunting, investigation and containment of
incidents using conditional responses that allow users to pursue a
variety of alternative responses.

“In developing DF-PRISM, we built a technology that enables users and
the system to learn together and lets humans determine their level of
involvement in responding to and managing threats,” said Dario Forte,
chief executive officer and founder, DFLabs. “Users get immediate value
by tracking and responding to threats, then over time the system builds
a knowledge base of responses that can be relied on to automatically
manage the entire incident response process.”

According to recent research from Enterprise Strategy Group (ESG) titled
“Next Generation Cybersecurity Analytics and Operations Survey,”
commissioned by DFLabs and other technology vendors, 92% of respondents
have deployed, plan to deploy or are interested in deploying machine
learning technology to support automation and orchestration. The top
drivers are accelerating incident detection (29%) and accelerating
incident response (27%).

The research also found that 21% of respondents will deploy machine
learning because they hope the technology can help them maximize the
productivity of their existing staff to compensate for their inability
to hire enough new security operations personnel.

“Enterprises are finding it challenging to rapidly respond to security
incidents across a continuously growing attack surface and with limited
resources, resulting in a large window of opportunity for attackers to
execute the full kill chain and the potential for minor incidents to
evolve into full blown breaches,” said Oliver Rochford, vice president
of Product Marketing, DFLabs. “Augmenting analysts’ smart eyeballs with
machine learning will help organizations to reduce the time from breach
discovery to containment, while also aiding in building, retaining and
transferring of institutional knowledge about past incidents and
threats.”

Innovative Threatscape Modeling

Leveraging machine learning, DF-PRISM constructs a model of the
threatscape based on known and historical incidents, scoring and
evaluating any incident based on unique and shared indicators and
attributes and their relevance. The algorithms use this model to propose
playbooks for similar or related threats. Threats known to the model are
considered to have greater relevance, are scored more reliably, and are
assigned a greater urgency and higher prioritization.

Key benefits include:

Intelligence-guided false positive reduction

Improves the response time by up to 80%

Automatically correlates and re-applies playbooks across Tenants in
multi-user and MSSP environments

DF-PRISM is available immediately with version 4.2 of IncMan, which also
includes:

New Dual-Mode Playbook engines

An advanced correlation engine

An observables investigation view

A unique set of features based upon machine learning and supervised
active intelligence to guide first responders

The current integration library is composed of over 100 different
playbooks and connectors, which can be customized by and shared between
users without requiring scripting or coding.

About DFLabs

DFLabs – Cyber Incidents Under Control – is a recognized global leader
in security automation and orchestration technology. The company is led
by a management team recognized for its experience in and contributions
to the information security field including the co-editing of many
industry standards such as ISO 27043 and ISO 30121. Its flagship
product, IncMan, has been adopted by Fortune 500 and Global 2000
organizations worldwide. DFLabs has operations in Europe, North America
and EMEA. For more information, visit www.dflabs.com
or connect with us on Twitter @DFLabs.
